IN THE ABSTRACT 


• Please replace the Abstract as filed with the following: 

ABSTRACT OF THE INVENTION 


QUERY INTERFACE TO POLICY SERVER 


A n exemplary scalable access filter that is used together with others like it in a virtual 
private network to control access by users at clients in the network to information 
resources provided by servers in the network is disclosed . Each access filter [[use]] uses 
a local copy of an access control data base (3845) to determine whether an access request 
is made by a user. Each user belongs to one or more user groups and each information 
ro s sourcc resource belongs to one or more information sets. Access is permitted or 
denied according to access policies,, which define access in terms of the user groups and 
information sets. The first access filter in the path performs the access check, encrypts 
and authenticates the request; the other access filters in the path do not repeat the access 
check. The interface used by applications to determine whether a user has access to an 
entity is now an SQL query. The policy server (3811) assembles the information needed 
for the response to the query from various information sources, including source 
external to the policy server. 
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